11 Feb 2011
I was recently frozen out of my Facebook account due to a hacking incident regular readers will be sick of reading about. It looks like I've retrieved it just in time to get infected with a whole new host of malware, unless I'm careful.
Given my pitiable data security record, I expect my details will be harvested by multiple cyber creeps imminently. Yes, malware is coming to the masses.
On that note, there's a certain amount of schadenfreude in witnessing others being hacked. I follow Location Location Location's Kirstie Allsopp on Twitter principally because she's hacked fairly regularly. In fact, ‘fake-hacking', or occasionally flinging out a few dozen tweets purporting to sell stolen iPads could be a good way to grow your Twitter following. I must remember that.
Websense security labs has recently announced the discovery of a Facebook rogue app creation toolkit. We've known about rogue apps on social media for some time - they pose as questionnaires or fun apps on your friends' pages, enticing you to give away your personal details or attempting to download something malicious to your computer.
But now it's a commoditised industry. The toolkits are available for a mere £15. For your money you get a simple template allowing you to customise and build your own rogue app for Facebook. This can spread malware (which you can create from various completely free and highly sophisticated toolkits available on the web). Or it could direct users to your web site, where further malware might be served, or for click-fraud purposes (where you fraudulently increase the click count on an ad banner on your site, increasing your profit). Alternatively, it could entreat users to fill in a survey so that you gain their personal details, valuable information in itself.
It's possible to quickly infect thousands of people and see a steady income from these practices, and all for an up-front one-time cost of £15. I'm almost impressed in spite of myself at the ingenuity and agility of cyber criminals. What's worrying is that that term is widening. You don't need to be a hacker to use these tools. As IT is increasingly commoditised and simpler to use, so are the tools of cyber crime. To be a successful hacker these days, you just need access to the internet and a disregard for ethics.
In fact, if I wasn't lumbered with these blasted scruples I could be a wealthy man by now. George Bernard Shaw could have extended his famous quote: "Those who can, do. Those who can't, teach. Those who won't, blog about it."
Well now that's thoroughly depressed me, I think I'll check if Allsopp's been hacked again yet. It's one form of recreation, recreation, recreation.
Stuart Sumner, senior reporter and security geek
H4cked Off will return in March.
Add your comment
